Penalty for not deleting data

Penalty for not deleting data

A Czech individual had requested the deletion of personal data from a website operator. The right to do so arises from Article 17 of the General Data Protection Regulation. However, the company ignored the data subject’s request and did not erase the data.

Following a complaint to the supervisory authority, a investigation against the company was initiated. As a result, the company was fined a fine of 10,000 CZK and the data was deleted.

Conclusion

The data subject rights are used by more and more private persons to obtain data information or to have data deleted. Several times there have been penalties after the companies have ignored these requests. However, due to the right of complain to the DPA, the companies must assume that an ignored request will lead to an investigation by the DPA.

Especially with large companies, requests is not a matter of desire, but complex by the various systems. Answering within a month leaves little time frame. Therefore, companies should already pre-deal with the automation of data protection inquiries.

Entscheidungsdatum:
25.10.2018

Land:
Czech Republic

Art des Verstoßes:
violated rights of the data subject

Betroffene Datensätze:
1

Waren sensible Daten betroffen?:
No

verhängte Geldstrafe:
€ 400,-

Quelle: